Linux Kernel module debugging

1. Enable the VM and run it to kgdb: Waiting for connection from remote gdb.

2. run socat tcp-listen: 8888/tmp/vbox2 on the Host, where/tmp/vbox2 is the pipeline file, which is the redirection destination file of the serial port of the target machine, socat redirects the MPs queue file to port 8888 of tcp socket.

3. Start a new virtual terminal, cd path/to/kernel/source/tree, and then execute gdb./vmlinux

Output

GNU gdb 6.8-debian

Copyright (C) 2008 Free Software Foundation, Inc.

License GPLv3 +: gnu gpl version 3 or later

This is free software: you are free to change and redistribute it.

There is no warranty, to the extent permitted by law. Type "show copying"

And "show warranty" for details.

This GDB was configured as "i486-linux-gnu "...

(Gdb) set-remote

Set remote baud rate to 115200c/s

Set remote target to local tcp socket

Kgdb_breakpoint () at kernel/kgdb. c: 1721

1721 wmb ();/* Sync point after breakpoint */

(Gdb) c

Continuing.

The Target opportunity is started until the user name and password are prompted.

4. Enter the target machine, enter the user name and password (the root user under the character interface is recommended), enter the g command, the target machine is disconnected, and the control is handed over to gdb on the Host machine. (Add a line alias g = 'echo g>/proc/sysrq-trigger' to. bashrc in the root user directory of the target machine ')

5. In gdb on the Host machine

(Gdb) set-mod-break

Set breakpoint in system module init function

Breakpoint 1 at 0xc014bac5: file kernel/module. c, line 2288.

(Gdb) c

Continuing.

6. On the target machine

Insmod klogger2.ko

When the target machine is disconnected again, the control is transferred to gdb on the Host machine.

7. In gdb on the Host machine

[New Thread 4693]

[Switching to Thread 4693]

Breakpoint 1, sys_init_module (umod = 0x0, len = 0, uargs = 0x0)

At kernel/module. c: 2288

2288 if (mod-> init! = NULL)

(Gdb) print-mod-segment

Name:. note. gnu. build-id Address: 0xdf977058

Name:. text Address: 0xdf975000

Name:. rodata Address: 0xdf977080

Name:. rodata. str1.4 Address: 0xdf9774b4

Name:. rodata. str1.1 Address: 0xdf977522

Name:. parainstructions Address: 0xdf977a00

Name:. data Address: 0xdf978440

Name:. gnu. linkonce. this_module Address: 0xdf978480

Name:. bss Address: 0xdf978a00

Name:. symtab Address: 0xdf977a08

Name:. strtab Address: 0xdf978078

(Gdb) add-symbol-file/home/done/programs/linux-kernel/vlogger/klogger2.ko 0xdf975000-s. data 0xdf978440-s. bss 0xdf978a00

Add symbol table from file "/home/done/programs/linux-kernel/vlogger/klogger2.ko"

. Text_addr = 0xdf975000

. Data_addr = 0xdf978440

. Bss_addr = 0xdf978a00

(Y or n) y

Reading symbols from/home/done/programs/linux-kernel/vlogger/klogger2.ko... done.

(Gdb) B hook_init

Breakpoint 2 at 0xdf976d19: file/home/done/programs/linux-kernel/vlogger/hook. c, line 255.

(Gdb)

You can debug your own LKM modules.

Attach the gdb Initialization Configuration File ~ /. Gdbinit

Define set-remote

Echo set remote baud rate to 115200c/s \ n

Set remotebaud 115200

Echo set remote target to local tcp socket \ n

Target remote tcp: localhost: 8888

End

Define set-mod-break

Echo set breakpoint in system module init function \ n

Breakkernel/module. c: 2288

End

Define print-mod-segment

Set $ sect_num = mod-> sect_attrs-> nsections

Set $ cur = 0

While $ cur <$ sect_num

Printf "Name: %-s Address: 0x % x \ n", mod-> sect_attrs-> attrs [$ cur]-> name, mod-> sect_attrs-> attrs [$ cur]-> address

Set $ cur = $ cur + 1

End

End

Note: The debugging script of gdb is really hard to write. It is very difficult to connect simple string variables to the equivalent judgment. I don't know whether it is my poor level or that the Script Function of gdb is too weak, in short, compared to Windbg, kernel debugging is difficult to measure.